Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal...
Transcript of Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal...
![Page 1: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/1.jpg)
Overview of Sampling and Single Audit Reporting RequirementsA Governmental Audit Quality Center Web Event
Governmental Audit Quality Center
![Page 2: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/2.jpg)
Today’s speakers
Rachel Flanders,CPA,
CliftonLarsonAllen
Erica Forhan,CPA,
Moss Adams
2
![Page 3: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/3.jpg)
Single Audit Fundamentals – A Four Part SeriesPart 1, What is a Single Audit? A Basic Background and OverviewPart 2, The Mysteries of Major Program Determination
Part 3, Understanding and Testing Compliance Requirements and Internal Control over Compliance
Part 4, Overview of Sampling and Single Audit Reporting3
![Page 4: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/4.jpg)
What we will cover
Sampling concepts in a single auditEvaluating results of testing Single audit reporting requirements under Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards at 2 CFR 200 (UG or Uniform Guidance) Single audit quality and best practicesResources to facilitate a single audit4
![Page 5: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/5.jpg)
Terminology & abbreviations
5
CAP Corrective Action Plan IR Inherent riskCFDA Catalog of Federal Domestic Assistance OMB Office of Management and Budget
DCF Data Collection Form PTE Pass-Through Entity
FAC Federal Audit Clearinghouse QCR Quality Control Review
GAAS Generally Accepted Auditing Standards SEFA Schedule of Expenditures of Federal Awards
GAGAS or Yellow Book
Generally Accepted Government Auditing Standards SFQC Schedule of Findings and
Questioned Costs
GAQC Governmental Audit Quality Center SSPAF Summary Schedule of Prior Audit Findings
GAS-SA Guide
AICPA Audit Guide, Government Auditing Standards and Single Audits UG Uniform Guidance
![Page 6: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/6.jpg)
Sampling concepts in a single audit
![Page 7: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/7.jpg)
Discussion – What is the best advice you would give beginners about sampling in a single audit?
7
![Page 8: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/8.jpg)
Sampling concepts – statistical vs. nonstatistical
8
Auditor may choose between a statistical and a nonstatistical approach to audit sampling
Nonstatistical sampling used most often in a single auditTests of Controls
• Provide evidence about the effectiveness of the design, implementation, or operation of controls and policies in preventing or detecting material noncompliance.
• Concern: Rates of deviations from a prescribed control.
Tests of Compliance• Provide evidence about
an auditee’s ability to adhere to the direct and material compliance requirements of its major programs.
• Concern: Rates and potential magnitude of noncompliance.
![Page 9: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/9.jpg)
Sampling concepts - attribute vs. monetary sampling
9
Attribute sampling recommended for both tests of controls and tests of compliance• Tests of Controls: Common to apply attribute sampling for tests of
controls (yes/no)
• Tests of Compliance: Some populations involve monetary amounts, but focus is on evidence of compliance (yes/no)
Attribute sampling allows the auditor to:• Project a sampling error to the sample population
• Establish best estimate of questioned costs
![Page 10: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/10.jpg)
Set up your sample for success: determine audit objectives
10
Proper definition and documentation of the audit objective precedes sampling design and execution.• Separate objectives for tests of control and compliance
Examples:• A necessary control was performed effectively.
• An expenditure charged to a grant is allowable under the cost principles
![Page 11: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/11.jpg)
Define population, consider completeness
Understand the characteristics of the population• Remove individually important items
• Identify the sampling unit (eligibility files, expenditures, financial reports, cost transfers)
• Each transaction or instance of the control has an equal opportunity of being selected
• May be more than one type of transaction/control– Allowable costs—payroll vs. other than payroll
11
![Page 12: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/12.jpg)
Define population, consider completeness
Properly identify the universe of transactions• Remember: auditor’s opinion is on the compliance
requirements that could have a direct and material effect on EACH major program– Controls: Possible to test across major programs for controls
– Compliance: Treat each major program as a separate population for compliance testing
12
![Page 13: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/13.jpg)
Determine sample size – controls - suggested minimumsample sizes
13
Significance of Control and Inherent Risk (IR) of Compliance Requirement
Minimum Sample Size
0 deviations expected
Very Significant and Higher IR 60
Very Significant and Limited IROr
Moderately Significant and Higher IR40
Moderately Significant and Limited IR 25
Suggested minimum sample sizes for populations >250
![Page 14: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/14.jpg)
Internal control over compliance
Tests of Controls Sampling Table Small Frequency/Population ControlsNo Deviations Expected
Control Frequency Sample Size
Quarterly (4) 2
Monthly (12) 2 – 4
Semimonthly (24) 3 – 8
Weekly (52) 5 – 9
14
![Page 15: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/15.jpg)
Determine sample size – compliance – suggested minimum sample sizes
15
Suggested minimum sample sizes for populations > 250
Degree of Assurance NeededHigh Moderate Low60 40 25
![Page 16: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/16.jpg)
Dual purpose sample considerations
16
Common practice to utilize a single sample to achieve multiple audit objectives• Internal control over compliance testing
• Compliance testing
• Financial statement balance testing
Exercise caution:• Different characteristics are for different objectives
• If there are errors in internal control, the planned compliance sample may not be adequate
![Page 17: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/17.jpg)
Evaluating sample results
17
ALL deviations/exceptions should be evaluated to:• Understand the likely cause
• Determine if it should be reported
Justify “containment” of deviation/exception• Additional audit work necessary to contain
• Documentation should explain why the deviation/exception is not expected to be representative of other deviations/exceptions in the broader population
![Page 18: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/18.jpg)
Evaluating results of testing
18
![Page 19: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/19.jpg)
Key definitions
19
Control deficiency - exists when the design or operation of a control over compliance does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct, noncompliance on a timely basis. • A deficiency in design exists when (a) a control necessary to meet the
control objective is missing, or (b) an existing control is not properly designed so that, even if the control operates as designed, the control objective would not be met.
• A deficiency in operation exists when a properly designed control does not operate as designed or the person performing the control does not possess the necessary authority or competence to perform the control effectively
![Page 20: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/20.jpg)
Key definitions
20
Significant deficiency in internal control over compliance - is a deficiency, or a combination of deficiencies, in internal control over compliance with a type of compliance requirement of a federal program that is less severe than a material weakness in internal control over compliance, yet important enough to merit attention by those charged with governance.
Material weakness in internal control over compliance - is a deficiency, or combination of deficiencies, in internal control over compliance such that there is a reasonable possibility that material noncompliance with a type of compliance requirement of a federal program will not be prevented, or detected and corrected, on a timely basis.
![Page 21: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/21.jpg)
Key definitions
21
Audit Finding - deficiencies which the auditor is required by §200.516 Audit Findings to report in the SFQC
Questioned Costs - costs that are questioned by the auditor because of an audit finding:• which resulted from a violation or possible violation of a statute,
regulation, or the terms and conditions of a federal award, including funds used to match federal funds
• where the costs, at the time of the audit, are not supported by adequate documentation
• where the costs incurred appear unreasonable and do not reflect the actions a prudent person would take in the circumstances.
![Page 22: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/22.jpg)
Evaluating results of tests of controls
22
Tests of internal control may identify deficiencies, considered audit findings
Need to understand deviation and consequences
Auditor should evaluate the severity of each deficiency to determine whether, individually or in combination, is a: • Material weakness• Significant deficiency
Determination of whether a control deficiency is a significant deficiency or material weakness for the purpose of reporting an audit finding is in relation to a type of compliance requirement for a major program
![Page 23: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/23.jpg)
Evaluating results of tests of controls
23
Severity of a deficiency depends on:• the magnitude of potential noncompliance resulting from the deficiency or
deficiencies; and • whether there is a reasonable possibility that the entity’s controls will fail to
prevent, or detect and correct, noncompliance with a type of compliance requirement
The significance of a deficiency in internal control over compliance depends on the potential for noncompliance, not on whether noncompliance actually has occurred.
The absence of identified noncompliance does not provide evidence that identified deficiencies in internal control over compliance are not significant deficiencies or material weaknesses.
![Page 24: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/24.jpg)
Risk factors
24
Risk factors affect whether there is a reasonable possibility that a deficiency, or combination of deficiencies, will result in noncompliance with a type of compliance requirement of a federal program.
The factors include, but are not limited to:– the nature of the type of compliance requirement involved.
– susceptibility of the program and related types of compliance requirements to fraud.
– subjectivity and complexity involved in meeting the compliance requirement and the extent of judgment required in determining noncompliance.
– interaction or relationship of the control with other controls.
– interaction among the deficiencies.
– possible future consequences of the deficiency.
![Page 25: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/25.jpg)
Magnitude of potential noncompliance
25
Factors affecting the magnitude of potential noncompliance that could result from a deficiency or deficiencies in controls include, but are not limited to:• program amounts or total of transactions exposed to the deficiency
in relation to the type of compliance requirement;
• volume of activity related to the compliance requirement exposed to the deficiency in the current period or expected in future periods; or
• adverse publicity or other qualitative factors.
![Page 26: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/26.jpg)
Indicators of material weaknesses
26
Identification of fraud in the major program of any magnitude on the part of senior program management.
Identification by the auditor of material noncompliance in circumstances that indicate that the noncompliance would not have been detected by the entity’s internal control
Ineffective oversight by management, or those charged with governance, over compliance with program requirements where the activity is subject to a type of compliance requirement
![Page 27: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/27.jpg)
Evaluating the results of tests of compliance
27
Tests of compliance may disclose instances of noncompliance, considered audit findings.
May be of monetary nature and involve questioned costs.
Alternatively, may be nonmonetary and not result in questioned costs.
Both GAGAS and the UG specify how certain findings are to be reported.
Auditor needs to determine effect on compliance opinion, as well as the appropriate reporting of finding and any related questioned costs.
![Page 28: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/28.jpg)
Evaluating the results of tests of compliance
28
The auditor should not assume that an instance of fraud or error is an isolated occurrence and, therefore, should consider how the detection of such noncompliance affects the assessed risks of material noncompliance.
Before the conclusion of the audit the auditor should:• Evaluate whether audit risk of noncompliance has been reduced to an
appropriately low level and whether the nature, timing, and extent of the audit procedures need to be reconsidered.
• Conclude whether sufficient appropriate audit evidence has been obtained to reduce to an appropriately low level the risks of material noncompliance with compliance requirements.
![Page 29: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/29.jpg)
Evaluating the results of tests of compliance
29
Differing thresholds for evaluating noncompliance
Overall major program or clusterType of compliance requirement or audit objective from the Compliance SupplementFinancial statement materiality –to determine if GAGAS reporting needed
Results of evaluation will assist in how to report
Effect on opinion on compliance for each major programUnmodified/qualified/adverseSFQC
Instances of noncompliance detected by the auditor should also be considered for any related ineffectiveness of the related internal control
![Page 30: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/30.jpg)
Evaluating the results of tests of compliance
30
For purposes of the compliance opinion, in determining whether the auditee complied with the direct and material compliance requirements in all material respects, the auditor may consider the following factors:• Nature and frequency of noncompliance
• The adequacy of the entity’s system for monitoring compliance
• Whether any identified noncompliance with the direct and material compliance requirements resulted in likely questioned costs that are material to the federal program
![Page 31: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/31.jpg)
Other evaluation criteria
Materiality of noncompliance relative to the individual compliance requirement
Aggregate immaterial instances of noncompliance
Quantitative and qualitative factors
Whether noncompliance could be material in relation to the financial statements
Assessing materiality at the appropriate level is critical to the proper evaluation of findings
31
![Page 32: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/32.jpg)
Questioned costs
32
In evaluating the effect of questioned costs on the compliance opinion, the auditor considers the best estimate of the total costs questioned for each major program (likely questioned costs), not just the questioned costs specifically identified (known questioned costs).
Likely questioned costs are developed by extrapolating from audit evidence obtained• For example, projecting known questioned costs identified in an audit sample
to the entire population from which the sample was drawn.
Known questioned costs may not be considered material, but the likely questioned costs are considered material • The auditor should consider the noncompliance to be material (and report a
finding) or may expand the scope of the audit and apply additional audit procedures to further establish the likely questioned costs
![Page 33: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/33.jpg)
Findings of noncompliance that cannot be quantified
33
Consider the following scenario:• PTE consistently fails to monitor the activities of its subrecipients as
necessary to ensure subaward used for authorized purposes
Would likely be material in relation to the subrecipient monitoring compliance requirement• Should be reported as an audit finding
Consider effect on compliance opinion for the major program
Consider whether significant deficiencies or material weaknesses exist
![Page 34: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/34.jpg)
Example evaluation
During a test of compliance with activities allowed or unallowed, there was 1 missing invoice in a sample of 40 expenditures.
Do we have a finding?If so, what is it?
34
Situation 1
![Page 35: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/35.jpg)
Example evaluation
During a test of compliance for activities allowed or unallowed, it was noted that an expensive piece of equipment was charged to a major program when the grant agreement does not allow program funds to be spent on equipment.
Do we have an audit finding?If so, what is it?
35
Situation 2
![Page 36: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/36.jpg)
Example evaluation
During a test of compliance with subrecipient monitoring for a PTE, it was noted that of the 7 subrecipient drawdown requests selected for testing, 1 was not approved by the assigned individual.
Do we have an audit finding?If so, what is it?
36
Situation 3
![Page 37: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/37.jpg)
Example evaluation
During a test of compliance with eligibility, in a dual-purpose sample of 40 application forms (testing for both internal control and compliance):• All application forms were approved by the
director as required (key control)• However, income eligibility was not documented
on 4 formsIs there an audit finding?If so, what is it?
37
Situation 4
![Page 38: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/38.jpg)
Reporting requirements of the single audit
38
![Page 39: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/39.jpg)
What does GAGAS require to be reported?
39
GAGAS findings generally relate to the audit of the financial statements• However, single audit-related audit findings could be required to be reported in the
GAGAS reporting if material to the financial statements
Internal Control over Financial Reporting • Material weaknesses and significant deficiencies
Material instances of fraud and noncompliance with provisions of laws and regulations
Material noncompliance with provisions of contracts or grant agreements
Abuse that has a material effect, either qualitative or quantitative, on the audit
![Page 40: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/40.jpg)
What does the UG require to be reported?
40
Significant deficiencies and material weaknesses in internal control over major programs and significant instances of abuse
Material noncompliance with the provisions of Federal statutes, regulations, or the terms and conditions of Federal awards related to a major program
Known questioned costs that are greater than $25,000 for a type of compliance requirement for a major program
Known questioned costs when likely questioned costs are greater than $25,000 for a type of compliance requirement for a major program
§200.516
![Page 41: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/41.jpg)
What does the UG require to be reported?
41
Known questioned costs that are greater than $25,000 for a federal program which is not audited as a major program
Known or likely fraud affecting a federal award, unless otherwise reported in the SFQC
Instances where the results of audit follow-up procedures disclosed that the summary schedule of prior audit findings prepared by the auditee materially misrepresents the status of any prior audit finding
§200.516
![Page 42: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/42.jpg)
Report submission requirements
42
The audit must be completed and the DCF and reporting package must be submitted to the FAC within the earlier of:
• 30 calendar days after receipt of the auditor's report(s),
• or nine months after the end of the audit period.
If the due date falls on a Saturday, Sunday, or federal holiday, the reporting package is due the next business day.
The auditee must electronically submit to the FAC the DCF and the reporting package
§200.512
![Page 43: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/43.jpg)
Reporting package - required components
43
• Financial Statements and SEFA
• Auditor’s Report on the Financial Statements
• Auditor’s Reporting on the SEFA
• Auditor’s Report on Internal Control over Financial Reporting and on Compliance and Other Matters (referred to as Yellow Book report)
Blue = Auditee Requirement Green = Auditor Requirement
![Page 44: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/44.jpg)
Reporting package - required components
44
• Auditor’s Report on Compliance with Requirements that Could Have Direct and Material Effect on Each Major Program and on Internal Control over Compliance (referred to as single audit report)
• Schedule of Findings and Questioned Costs
• Summary Schedule of Prior Audit Findings
• Corrective Action Plan
Blue = Auditee Requirement Green = Auditor Requirement
![Page 45: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/45.jpg)
Financial statements and related reportingFinancial Statements• See Part 1 of this series for more information
Auditor Reporting• Opinion-level assurance on financial statements
• In accordance with both GAAS and GAGAS
• Same fiscal year as the compliance audit
• AICPA Audit Guides include illustrative report examples– Numerous detailed examples in the AICPA Audit and Accounting Guides, State and
Local Governments and Not-for-Profit Entities
– More limited examples in AICPA GAS-SA Guide
• GAQC web pages include a sampling of Illustrative Auditor’s Reports
45
![Page 46: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/46.jpg)
SEFA and related reporting
46
SEFA• Client-prepared schedule that reports the total expenditures of federal awards• See Part 1 of this series for more information about SEFA requirements
Auditor reporting• Determine whether presented fairly in all material respects in relation to the
auditee’s financial statements as a whole• May be included in financial statement report, the single audit report, or in a
separate report• SEFA practice aids available on the GAQC Web site: www.aicpa.org/GAQC• Illustrative reporting on the SEFA included in the AICPA GAS-SA Guide
![Page 47: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/47.jpg)
Yellow Book report
47
Internal Control Over Financial Reporting• Material weaknesses and significant deficiencies
– No opinion on the effectiveness of internal control over compliance
Compliance and Other Matters• Instances of fraud and noncompliance with provisions of laws and regulations
that have a material effect on the financial statements and any other instances warranting the attention of those charged with governance
• Noncompliance with provisions of contracts and grant agreements that has a material effect on the determination of financial statement amounts
• Abuse that has a material effect on the audit
Illustrative reports in AICPA GAS-SA Guide and GAQC Illustrative Auditor’s Reports web page
![Page 48: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/48.jpg)
Single audit report
Compliance• An opinion on compliance for EACH major program
• Reportable instances of noncompliance
Internal Control over Compliance• No opinion on the effectiveness of internal control over
compliance
• Report significant deficiencies and material weaknesses
Illustrative reports in AICPA GAS-SA Guide and GAQC Illustrative Auditor’s Reports web page
48
![Page 49: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/49.jpg)
Schedule of Findings and Questioned Costs
Three required sections• Summary of auditor’s results
• Findings related to the financial statements required to be reported in accordance with GAGAS
• Findings and questioned costs for federal awards
49
![Page 50: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/50.jpg)
50
SFQC –Part 1, Summary of Auditor’s Results
![Page 51: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/51.jpg)
51
SFQC –Part 1, Summary of Auditor’s Results, continued
![Page 52: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/52.jpg)
SFQC – Part 2, Findings Related to the Financial StatementsThis section includes all findings related to the audit of the financial statements that are required to be reported by GAAS and GAGASGAGAS finding elements: • Criteria or specific requirement (required or desired state)• Condition (the situation that exists)• Effect (the difference between the situation that exists and
the required or desired state)• Cause (why it happened)• Recommendation• Views of responsible officials
52
![Page 53: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/53.jpg)
SFQC – Part 3, Audit Findings Related to the Federal Awards
53
Finding Elements
Program information Criteria
Condition Found
Context
Questioned Costs
Whether Sampling
was Statistically
Valid
Repeat Finding From Prior Year
Cause & Effect
Recommendation
Views of Responsible
Officials
§200.516
![Page 54: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/54.jpg)
SFQC – Part 3, Audit Findings Related to the Federal Awards - Suggested Findings Format
54
Element Additional InformationFinding # In format required by DCFProgram information See UG 200.516(b)(1)
Criteria specific requirement upon which the audit finding is basedCondition Includes context, perspective, cause and effect. Also includes separate discussion of
control deficiency, if applicable
Recommendation to prevent future occurrences of the deficiency identified in the audit finding
Questioned Costs Known questioned costs must be identified by CFDA # and applicable federal award identification #
Repeat Finding Yes/No. Related to immediate prior audit (include prior year audit finding numbers)
Whether sampling was statistically valid
Yes/No
Views of responsible official Separate requirement from auditee prepared CAP
§200.516
![Page 55: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/55.jpg)
Auditee Summary Schedule of Prior Audit Findings
55
The CAP and SSPAF must be prepared by the auditee. The UG FAQs specifically indicates at FAQ .511-1 that “the auditor should not prepare these documents for the auditee.”
The status of all audit findings included in the prior audit's SFQC
Audit findings reported in the prior audit's summary schedule of prior audit findings except audit findings listed as corrected or no longer valid or not warranting further action in accordance with criteria in the UG
Findings relating to the financial statements which are required to be reported in accordance with GAGAS
![Page 56: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/56.jpg)
Auditee Summary Schedule of Prior Audit Findings
56
Include the fiscal year in which the finding initially occurred
Describe reasons for the finding's recurrence and planned corrective action, and any partial corrective action taken, when audit findings were not corrected or were only partially corrected
Provide an explanation when corrective action taken is significantly different from corrective action previously reported in a corrective action plan or in the federal agency’s or PTE’s management decision
![Page 57: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/57.jpg)
Auditor Responsibility for Summary Schedule of Prior Audit Findings
57
Auditor must follow up on prior audit findings, perform procedures to assess the reasonableness of the summary schedule of prior audit findings.
Auditor must report as a current-year finding when the auditor concludes the summary schedule of prior audit findings materially misrepresents the status of any prior audit finding.
![Page 58: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/58.jpg)
Auditee Corrective Action Plan (CAP)
58
At the completion of the audit, the auditee must prepare a CAP on auditee letterhead to address each auditing finding included in the current year auditor’s report.
CAP must be in a document separate from the SFQC.
Must include reference numbers the auditor assigns to audit findings in the SFQC.
Must provide:
• Name(s) of the contact person(s) responsible for corrective action
• Corrective action planned for each audit finding
• Anticipated completion date
• Explanation and specific reasons why auditee disagrees with the audit findings (in cases where the auditee does not agree with the audit findings or believes corrective action is not required)
See the UG FAQs for FAQ .511-1 which discusses the requirement for the CAP to be submitted on auditee letterhead
![Page 59: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/59.jpg)
DCF
59
Auditee must submit a DCF that provides information about the auditee, its federal programs, and the results of the audit• Electronically completed by auditee and auditor on the FAC Web site
• Both auditor and auditee electronically certify (or “sign”)
Represents a summary of the information contained in the reporting package
Reporting package and DCF to be available for public inspection on FAC Web site
The DCF and related instructions can be accessed from the FAC’s website at https://harvester.census.gov/facweb/.
![Page 60: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/60.jpg)
DCF
60
Auditor sections include:• Auditor contact information• Information on the results of the financial statement audit and single
audit
Auditees and auditors must ensure that their respective parts of the reporting package do not include protected personally identifiable information.
An Indian tribe may opt not to make their reporting package public on the FAC. If the take this exception under UG, they are responsible for submitting to PTEs and must make copies available for public inspection.
![Page 61: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/61.jpg)
Single audit quality and best practices
61
![Page 62: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/62.jpg)
Why should single audits be an auditor focus area?Single audits are a “risky” business
Complex engagements that are very specialized
Previous history of quality problems
Regulator and other scrutiny
• QCRs and Desk Reviews of auditors
• Single audits are a “must select” area in peer review
• Ongoing federal oversight of non-federal auditees
Future OMB study of audit quality required every 6 years by UG
• 1st study has not occurred yet; latest information indicates it may be performed in 2019 or 2020 on audits submitted no earlier than 2018
62
![Page 63: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/63.jpg)
What are common single audit deficiency areas?
• Major program determination
• Understanding and testing internal control
• Use of Supplement and compliance testing
• SEFA requirements
• Ensuring adequate audit documentation
• Single audit reporting
• Writing findings
• DCF problems
63
![Page 64: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/64.jpg)
Best practices - SFQC
64
Understand the importance of the SFQC• SFQC is the starting point for federal reviews
– Desk reviews and QCRs
• SFQC provides a concise summary of the audit
– Opinions and Findings
– Major Programs
• SFQC is the basis for the DCF
– Imperative that they each have the same information
![Page 65: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/65.jpg)
Best practices - SFQC
65
Start with a blank “pro forma” of the SFQC
Use a disclosure checklist to check whether auditee has included all required elements• Identification of major programs
• Type A/B dollar threshold
• Cross-check to major program audit documentation
![Page 66: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/66.jpg)
Best practices – audit findings
Write findings from the perspective of the federal agency and what they need to know
Too much is better than too little
Consider using a template outlining each of the required criteria to ensure all required elements are included
Be specific, particularly in criteria and condition
Do not include too much duplication in the descriptions of the condition, effect, and cause
Be practical with recommendations
66
![Page 67: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/67.jpg)
Best practices – reporting
67
Importance of review process of reports, SFQC, and DCF • Trace major programs in SFQC and DCF to audit documentation
• Ensure that SFQC and DCF reflect actual results of audit
• Erase prior year major programs before SFQC “pro forma”
Utilize illustrative audit reports • AICPA Audit Guides previously mentioned
• GAQC Web site (a sampling of reports available to the public)
![Page 68: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/68.jpg)
Best practices – using the FAC to identify quality issues
68
https://harvester.census.gov/facdissem/Main.aspx
![Page 69: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/69.jpg)
Resources to facilitate a single audit
69
![Page 70: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/70.jpg)
AICPA Accounting and Auditing Guides
GAS-SA Guide
AICPA Audit Guide, Audit Sampling
AICPA Accounting and Auditing Guides,
State and Local Governments
Not for Profit Organizations
Order now at: http://www.aicpastore.com/
70
![Page 71: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/71.jpg)
Single audit-related information
Uniform Guidance - Electronic Code of Federal Regulations (e-CFR) versionOMB • Access OMB Compliance Supplement Compliance
Supplement• Find various additional UG related documents Access grant guidance at https://cfo.gov/• Access latest UG FAQ document (July 2017)Access CFDA # information - https://beta.SAM.gov
71
![Page 72: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/72.jpg)
Federal Audit Clearinghouse
https://harvester.census.gov/facweb/• File DCF and single audit reporting packages• Search the single audit database The FAC's Frequently Asked Questions Web pagePDF quick reference guide on navigating the FAC system
72
![Page 74: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/74.jpg)
GAQC resources – GAQC Web site (www.aicpa.org/GAQC)
74
Key areas to check out and/or bookmark:• Access archived GAQC Alerts in chronological order
• Access archived GAQC Web events
• Uniform Guidance auditor resources Web page
• Yellow Book tools and resources
• Other Compliance Audit Information Web page
• GASB Matters
• HUD Information web page
• GAQC Membership Listings
• Auditee Resource Center
o Auditee Single Audit Resources Web page
![Page 75: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/75.jpg)
Other GAQC Resources
Illustrative Auditors Reports
• Single Audit, Yellow Book, SLG, HUD
SEFA Practice Aids (for both auditors and auditees)
Quality Control Tools
• Tips for Getting Through a Quality Control Review
• Peer Review Checklists
• Practice Aid - Establishing and Maintaining a System of Quality Control
75
![Page 76: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/76.jpg)
Recap: topics covered today
76
Sampling concepts in a single audit
Evaluating results of testing
Single audit reporting requirements under the Uniform Guidance
Single audit quality and best practices
Resources to facilitate a single audit
![Page 77: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/77.jpg)
How Do I Get My CPE Certificate?
Access your CPE certificate by clicking the blue “CPE” icon• If at the end of this presentation you are eligible for
but unable to print your CPE certificate, please log back in to this webcast in 24 hours and click the blue “CPE” button. Your certificate will still be available.
• If you need assistance with locating your certificate, please contact the AICPA Service Center at 888.777.7077 or [email protected].
77
![Page 78: Overview of Sampling and Single Audit Reporting Requirements · audit objectives • Internal control over compliance testing • Compliance testing • Financial statement balance](https://reader034.fdocuments.in/reader034/viewer/2022050718/5e1856c9a0509e01d30d9884/html5/thumbnails/78.jpg)
Thank you
Copyright © 2018 American Institute of CPAs. All rights reserved.